Make WordPress Core

Opened 14 years ago

Closed 14 years ago

Last modified 8 years ago

#11848 closed defect (bug) (worksforme)

bug in apache_mod_loaded()

Reported by: denis-de-bernardy's profile Denis-de-Bernardy Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.9
Component: General Keywords: has-patch
Focuses: Cc:

Description (last modified by Denis-de-Bernardy)

If apache functions are available, we should not return the default value in apache_mod_loaded().

as things stand, get_mod_rewrite() would return true even if apache_get_modules() says otherwise.

also, phpinfo() is part of php core.

Attachments (2)

11848.diff (813 bytes) - added by Denis-de-Bernardy 14 years ago.
11848.2.diff (838 bytes) - added by Denis-de-Bernardy 14 years ago.

Download all attachments as: .zip

Change History (14)

#1 @Denis-de-Bernardy
14 years ago

  • Description modified (diff)

tested with apache_get_modules() turned on. needs testing with it off, and with php loaded as cgi.

#2 @dd32
14 years ago

some webhosts disable phpinfo() when they dont want the users to know the details of the setup.

As crazy as it may sound.

#3 @Denis-de-Bernardy
14 years ago

patch updated to reflect that.

#4 @sivel
14 years ago

See also #11604

#5 @sirzooro
14 years ago

I think it will be good to check this path on setup with PHP Suhosin - I know that this hardening patch adds some protection for phpinfo().

#6 @Denis-de-Bernardy
14 years ago

sirzooro: I did that already. though again, with the apache loaded function. if suhosin hides the modules, or disables the function, that's fine too. it just returns the default.

my issue with the current code is that it'll return true to get_mod_rewrite() even if apache_get_modules() makes it 100% certain that mod_rewrite is not around.

#7 @ryan
14 years ago

According to [7508] we return the default on purpose. #6278 doesn't really explain why other than to note it was done to restore the previous default for got_mod_rewrite().

#8 @ryan
14 years ago

This might explain why we only rely on confirming presence (but not absence) of a mod with apache_get_modules().

#9 @Denis-de-Bernardy
14 years ago

yeah. and hakre mentioned that in a fast cgi environment, it's pretty much impossible to detect an aapche module using simple functions.

I think we should consider applying different logic for get_mod_rewrite(). Here's what I just committed to the health-check plugin:

#10 @nacin
14 years ago

Tools > Network uses both got_mod_rewrite() and apache_mod_loaded() rather effectively. I don't think we should add much more to core for this. I think the perfect place for the code in the health check plugin is the health check plugin.

#11 @nacin
14 years ago

  • Milestone 3.0 deleted
  • Resolution set to worksforme
  • Status changed from new to closed

This ticket was mentioned in Slack in #core by chriscct7. View the logs.

8 years ago

Note: See TracTickets for help on using tickets.